kernel_samsung_a53x/security
Silvio Gissi e457812cb1 keys: Fix overwrite of key expiration on instantiation
commit 9da27fb65a14c18efd4473e2e82b76b53ba60252 upstream.

The expiry time of a key is unconditionally overwritten during
instantiation, defaulting to turn it permanent. This causes a problem
for DNS resolution as the expiration set by user-space is overwritten to
TIME64_MAX, disabling further DNS updates. Fix this by restoring the
condition that key_set_expiry is only called when the pre-parser sets a
specific expiry.

Fixes: 39299bdd2546 ("keys, dns: Allow key types (eg. DNS) to be reclaimed immediately on expiry")
Signed-off-by: Silvio Gissi <sifonsec@amazon.com>
cc: David Howells <dhowells@redhat.com>
cc: Hazem Mohamed Abuelfotoh <abuehaze@amazon.com>
cc: linux-afs@lists.infradead.org
cc: linux-cifs@vger.kernel.org
cc: keyrings@vger.kernel.org
cc: netdev@vger.kernel.org
cc: stable@vger.kernel.org
Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org>
Signed-off-by: Jarkko Sakkinen <jarkko@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2024-11-19 11:32:49 +01:00
..
apparmor lsm: make security_socket_getpeersec_stream() sockptr_t safe 2024-11-18 23:19:51 +01:00
bpf Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
integrity ima: detect changes to the backing overlay file 2024-11-18 11:43:25 +01:00
keys keys: Fix overwrite of key expiration on instantiation 2024-11-19 11:32:49 +01:00
loadpin Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
lockdown Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
safesetid Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
samsung security: samsung: defex_lsm: nuke 2024-06-15 16:20:49 -03:00
sdp Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
selinux lsm: make security_socket_getpeersec_stream() sockptr_t safe 2024-11-18 23:19:51 +01:00
smack smack: Handle SMACK64TRANSMUTE in smack_inode_setsecurity() 2024-11-19 09:22:14 +01:00
tomoyo tomoyo: fix UAF write bug in tomoyo_write_control() 2024-11-18 23:18:29 +01:00
yama Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
commoncap.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
device_cgroup.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
inode.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
Kconfig security: samsung: defex_lsm: nuke 2024-06-15 16:20:49 -03:00
Kconfig.hardening Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
lsm_audit.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
Makefile security: samsung: defex_lsm: nuke 2024-06-15 16:20:49 -03:00
min_addr.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
security.c lsm: fix default return value of the socket_getpeersec_*() hooks 2024-11-18 23:19:51 +01:00